<?php
/*
 * @Author: your name
 * @Date: 2020-05-21 17:05:30
 * @LastEditTime: 2020-05-22 16:59:57
 * @LastEditors: Please set LastEditors
 * @Description: In User Settings Edit
 * @FilePath: /v3/application/adminapiv3/service/attackLogManage/fileLogManage/FileLogService.php
 */ 

namespace app\adminapiv3\service\attackLogManage\fileLogManage;
use app\adminapiv3\service\attackLogManage\AttackLogService;

class FileLogService extends AttackLogService
{
    const RESTORED = 1; //已还原
    const NOT_RESTORED = 0; //未还原
    const SOURCE_ACTIVITE_DEFENSE = 1; //日志来源->主动防御
    const SOURCE_FILE_SCANNING = 2; //日志来源->文件查杀
    const STATUS_ENABLE = 1;//开启
    const STATUS_DISABLE = 0;//关闭
    /**
     * @name: 处理数据
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2019-09-29 09:53:16
     */
    function handleData ($data)
    {

        $return = [];
        if (empty($data))
        {
            return $return;
        }

        $host_id_arr = $this->findGroupHost();


        $levelArray = array(
            1 => '风险文件',
            2 => '疑似文件',
        );

        $handleArray = array(
            0 => '仅记录',
            1 => '已隔离',
            2 => '已恢复',
        );
        foreach ($data as $k => $v)
        {
            $return[$k] = [
                'id' => $v['id'],
                'host_id' => $v['host_id'],
                'attack_dest' => $v['name'],
                'event_id' => $v['event_id'],
                'rule_id' => $v['rule_id'],
                'dest_ip' => $v['dest_ip'],
                'description' => $v['description'],
                'path' => $v['path'],
                'process' => $v['process'],
                'atime' => $v['atime'],
                'ctime' => $v['ctime'],
                'type' => $v['type'],
                'level' => $levelArray[$v['level']],//危险等级
                'handle' => $handleArray[$v['handle']],//处理方式
                'reset' => $v['reset'],
                'source' => $v['source'],
                'is_report' => $v['is_report'],
                'is_sync' => $v['is_sync'],
                'is_option' => in_array($v['host_id'], $host_id_arr) ? 1 : 0,
            ];
        }

        return $return;
    }

    /**
     * @name: 删除
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2020-05-22 10:57:44
     */
    function delete ($id_s)
    {
        $host_id_a = $this->nowGroupHost();
        db('FileAttack')->whereIn('id', $id_s)->whereIn('host_id', $host_id_a)->delete();
    }

    /**
     * @name: 清空
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2020-05-22 10:57:44
     */
    function clear ()
    {
        $host_id_a = $this->nowGroupHost();
        db('FileAttack')->whereIn('host_id', $host_id_a)->delete();
    }

    /**
     * @name: 恢复文件
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2020-05-22 13:28:12
     */
    function fileRest ($id, $host_id)
    {
        $data = db('FileAttack')->find($id);

        if(empty($data))
        {
            $this->setError($this->CODE_FAIL, '数据不存在!!');
        }

        if($data['reset'] == self::RESTORED && $data['handle'] == 2)
        {
            $this->setError($this->CODE_FAIL, '该文件已还原,请勿重复操作');
        }
        $account = $this->getUserInfo('account');

        db('host_exclude')->insertGetId([
            'host_id' => $data['host_id'],
            'type' => 1,
            'descirption' => '由 [' . $account . '] 恢复的文件而产生的排除文件',
            'content' => $data['path'],
            'auto_defense' => self::STATUS_ENABLE,
            'ctime' => time(),
            'status' => self::STATUS_ENABLE,
            'is_lock' => $id,
            'modify' => 1,
            'create' => 1,
            'del' => 1,
        ]);

       db('FileAttack')->where('id', $id)->where('host_id', $host_id)->update(['reset' => 1,'handle' => 2]);
    }

    /**
     * @name 数据包下载
     * @author wx
     * @date 2020/6/30 13:08
     */
    function dataPackage($host_id, $event_id, $atime)
    {
        $where['host_id'] = $host_id;
        $where['event_id'] = $event_id;
        $where['atime'] = $atime;

        //查询数据
        $data = db('attack_data')->field('id, data_package')
            ->where($where)->select();

        if(empty($data))
        {
            jsonErrorOut('当前对应主机未找到数据包', $this->CODE_FAIL);
            return [];
        }

       return $data;
    }

}